1 files changed, 82 insertions, 0 deletions
diff --git a/ModAS.Server/Authentication/AuthMiddleware.cs b/ModAS.Server/Authentication/AuthMiddleware.cs
new file mode 100644
index 0000000..8b7266f
--- /dev/null
+++ b/ModAS.Server/Authentication/AuthMiddleware.cs
@@ -0,0 +1,82 @@
+using System.Net.Http.Headers;
+using System.Text.Json;
+using LibMatrix;
+using LibMatrix.Homeservers;
+using LibMatrix.Services;
+using ModAS.Server.Attributes;
+using MxApiExtensions.Services;
+
+namespace ModAS.Server.Authentication;
+
+public class AuthMiddleware(RequestDelegate next, ILogger<AuthMiddleware> logger, ModASConfiguration config, HomeserverProviderService hsProvider, AppServiceRegistration asr) {
+ public async Task InvokeAsync(HttpContext context) {
+ context.Request.Query.TryGetValue("access_token", out var queryAccessToken);
+ var accessToken = queryAccessToken.FirstOrDefault();
+ accessToken ??= context.Request.GetTypedHeaders().Get<AuthenticationHeaderValue>("Authorization")?.Parameter;
+
+ //get UserAuth custom attribute
+ var endpoint = context.GetEndpoint();
+ if (endpoint is null) {
+ Console.WriteLine($"Ignoring authentication, endpoint is null!");
+ await next(context);
+ return;
+ }
+
+ var authAttribute = endpoint?.Metadata.GetMetadata<UserAuthAttribute>();
+ if (authAttribute is not null)
+ logger.LogInformation($"{nameof(Route)} authorization: {authAttribute.ToJson()}");
+ else if (string.IsNullOrWhiteSpace(accessToken)) {
+ // auth is optional if auth attribute isnt set
+ Console.WriteLine($"Allowing unauthenticated request, AuthAttribute is not set!");
+ await next(context);
+ return;
+ }
+
+ if (string.IsNullOrWhiteSpace(accessToken))
+ if (authAttribute is not null) {
+ context.Response.StatusCode = 401;
+ await context.Response.WriteAsJsonAsync(new MatrixException() {
+ ErrorCode = "M_UNAUTHORIZED",
+ Error = "Missing access token"
+ }.GetAsObject());
+ return;
+ }
+
+ try {
+ switch (authAttribute.AuthType) {
+ case AuthType.User:
+ var authUser = await GetAuthUser(accessToken);
+ context.Items.Add("AuthUser", authUser);
+ break;
+ case AuthType.Server:
+ if (asr.HomeserverToken != accessToken)
+ throw new MatrixException() {
+ ErrorCode = "M_UNAUTHORIZED",
+ Error = "Invalid access token"
+ };
+
+ break;
+ default:
+ throw new ArgumentOutOfRangeException();
+ }
+ }
+ catch (MatrixException e) {
+ context.Response.StatusCode = 401;
+ await context.Response.WriteAsJsonAsync(e.GetAsObject());
+ return;
+ }
+
+ await next(context);
+ }
+
+ private async Task<AuthUser> GetAuthUser(string accessToken) {
+ AuthenticatedHomeserverGeneric? homeserver;
+ homeserver = await hsProvider.GetAuthenticatedWithToken(config.ServerName, accessToken, config.HomeserverUrl);
+
+ return new AuthUser() {
+ Homeserver = homeserver,
+ AccessToken = accessToken,
+ Roles = config.Roles.Where(r => r.Value.Contains(homeserver.WhoAmI.UserId)).Select(r => r.Key).ToList()
+ };
+ }
+}
\ No newline at end of file
|
